CVE-2023-46730

Server-Side Request Forgery in groupoffice

CVSS 7.4 HIGHEPSS 0.6%CWE-918

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.4EPSS 0.6%KEV nãoPoC —Patch —

Lifecycle

Nov 07, 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs which allows a malicious user to cause the server to make resource requests to untrusted domains. Note that protocols like file:// can also be used to access the server disk. The request result (on success) can then be retrieved using /api/download.php. This issue has been addressed in versions 6.8.15, 6.7.54, and 6.6.177. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Affected products

Intermesh · groupoffice

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/Intermesh/groupoffice/commit/99205535e8cec6592fd7f1469837926f27c72d50 https://github.com/Intermesh/groupoffice/security/advisories/GHSA-vw6c-h82w-mvfv